Eric Soroos

5 exploits, active since Jun 2021
CVE-2021-28676 HIGH
Python Pillow < 8.2.0 - Infinite Loop
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.
CVSS 7.5
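The decoder loop described above advances through a frame's sub-chunks by the size each chunk declares, so a declared size of zero means no progress. The following is an added example, not Pillow's FliDecode code: a small pure-Python walker over FLI frame sub-chunks that applies the missing check (and the companion upper bound that keeps the read inside the frame), together with a builder for constructed frames that lie about a chunk's size. The frame and chunk layouts (u32 size, u16 type, 0xF1FA frame magic, chunk types 4 and 15) are the public FLI ones; the BrokenFli exception and helper names are this example's own.

```python
"""Walk the sub-chunks of one FLI/FLC frame with the advance check that
FliDecode lacked before Pillow 8.2.0.

Added example, not Pillow code. In a FLI frame each sub-chunk begins with a
little-endian u32 size and a u16 type; a decoder that does `ptr += size`
without validating `size` never terminates when the file says size == 0.
Chunk-type constants are the public FLI ones; BrokenFli is this example's.
"""
import struct

FRAME_MAGIC = 0xF1FA
FRAME_HEADER_LEN = 16   # u32 size, u16 magic, u16 chunk count, 8 reserved bytes
CHUNK_HEADER_LEN = 6    # u32 size, u16 type
FLI_COLOR256, FLI_BRUN = 4, 15


class BrokenFli(ValueError):
    """Raised instead of looping forever or reading out of bounds."""


def iter_fli_chunks(frame: bytes):
    """Yield (chunk_type, payload) for each sub-chunk of a frame.

    Each advance is validated before it is applied: it must cover at least
    the 6-byte chunk header (so size == 0 can no longer stall the loop) and
    must not run past the end of the frame.
    """
    if len(frame) < FRAME_HEADER_LEN:
        raise BrokenFli("frame header truncated")
    frame_size, magic, chunk_count = struct.unpack_from("<IHH", frame, 0)
    if magic != FRAME_MAGIC:
        raise BrokenFli(f"bad frame magic 0x{magic:04x}")
    if frame_size > len(frame):
        raise BrokenFli(f"frame claims {frame_size} bytes, {len(frame)} present")
    pos = FRAME_HEADER_LEN
    for _ in range(chunk_count):
        remaining = frame_size - pos
        if remaining < CHUNK_HEADER_LEN:
            raise BrokenFli(f"chunk header truncated at offset {pos}")
        advance, ctype = struct.unpack_from("<IH", frame, pos)
        if advance < CHUNK_HEADER_LEN:
            raise BrokenFli(f"chunk at {pos} advances by {advance}: decoder would not progress")
        if advance > remaining:
            raise BrokenFli(f"chunk at {pos} claims {advance} bytes, only {remaining} remain")
        yield ctype, frame[pos + CHUNK_HEADER_LEN:pos + advance]
        pos += advance


def build_frame(chunks, forced_sizes=None):
    """Constructed test data: assemble a frame from (type, payload) pairs.

    forced_sizes maps a chunk index to a bogus size field, which is how a
    crafted file sets the advance to zero (or points past the buffer).
    """
    body = b""
    for i, (ctype, payload) in enumerate(chunks):
        size = CHUNK_HEADER_LEN + len(payload)
        if forced_sizes and i in forced_sizes:
            size = forced_sizes[i]
        body += struct.pack("<IH", size, ctype) + payload
    header = struct.pack("<IHH", FRAME_HEADER_LEN + len(body), FRAME_MAGIC, len(chunks))
    return header + b"\0" * 8 + body


def chunk_types(frame: bytes):
    """Chunk types in decode order, or the rejection message for a bad frame."""
    try:
        return [ctype for ctype, _ in iter_fli_chunks(frame)]
    except BrokenFli as exc:
        return str(exc)


if __name__ == "__main__":
    chunks = [(FLI_COLOR256, b"\x01\x00"), (FLI_BRUN, b"\x00" * 8)]
    print(chunk_types(build_frame(chunks)))                        # [4, 15]
    print(chunk_types(build_frame(chunks, forced_sizes={0: 0})))   # rejected: zero advance
    print(chunk_types(build_frame(chunks, forced_sizes={1: 1000})))  # rejected: past end
```

The lower bound is the one the advisory is about; the upper bound is what turns the same malformed size field from an infinite loop into a clean rejection rather than an out-of-bounds read.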
CVE-2022-45199 HIGH
Python Pillow < 9.3.0 - Denial of Service
Pillow before 9.3.0 allows denial of service via the TIFF SAMPLESPERPIXEL tag: a large value in the IFD could lead to memory and runtime exhaustion in TiffImagePlugin.py while the decoding context was being set up, before any pixel data was read.
CVSS 7.5
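SAMPLESPERPIXEL is a file-controlled count that a decoder uses to size per-sample state, so the fix is to bound it before anything is allocated. The following is an added example, not Pillow's TiffImagePlugin code: a minimal little-endian TIFF IFD reader that pulls out tag 277, refuses values outside an assumed ceiling, and only then builds the per-sample tuple that an unbounded value would have blown up. MAX_SAMPLES, BadTiff and the helper names are this example's assumptions; the tag number, field types and IFD layout are the TIFF ones.

```python
"""Read the TIFF SamplesPerPixel tag and bound it before it sizes anything.

Added example, not Pillow code. SamplesPerPixel (tag 277) is a file-controlled
unsigned count; decoder set-up that builds per-sample state from it with no
ceiling can be made to allocate enormously by one 12-byte IFD entry, which is
the shape of the CVE-2022-45199 denial of service. MAX_SAMPLES is an assumed
ceiling for this example, not Pillow's constant.
"""
import struct

SAMPLESPERPIXEL = 277
SHORT, LONG = 3, 4
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4}   # BYTE, ASCII, SHORT, LONG
MAX_SAMPLES = 4                          # assumption: widest supported mode has 4 channels


class BadTiff(ValueError):
    """Raised for structurally invalid or hostile headers."""


def read_ifd0(data: bytes) -> dict:
    """Parse the first IFD of a little-endian TIFF into
    {tag: (type, count, raw 4-byte value/offset field)}."""
    if data[:4] != b"II*\0":
        raise BadTiff("not a little-endian TIFF")
    (ifd_off,) = struct.unpack_from("<I", data, 4)
    if ifd_off + 2 > len(data):
        raise BadTiff("IFD offset out of range")
    (count,) = struct.unpack_from("<H", data, ifd_off)
    entries = {}
    for i in range(count):
        off = ifd_off + 2 + 12 * i
        if off + 12 > len(data):
            raise BadTiff("IFD truncated")
        tag, typ, n = struct.unpack_from("<HHI", data, off)
        entries[tag] = (typ, n, data[off + 8:off + 12])
    return entries


def samples_per_pixel(entries: dict, limit: int = MAX_SAMPLES) -> int:
    """Return SamplesPerPixel (TIFF default 1), refusing anything outside 1..limit."""
    if SAMPLESPERPIXEL not in entries:
        return 1
    typ, n, field = entries[SAMPLESPERPIXEL]
    if n != 1 or typ not in (SHORT, LONG):
        raise BadTiff("SamplesPerPixel must be a single SHORT or LONG")
    (value,) = struct.unpack_from("<H" if typ == SHORT else "<I", field)
    if not 1 <= value <= limit:
        # The check happens here, on a 4-byte header field, not after a
        # multi-gigabyte tuple has already been built from it.
        raise BadTiff(f"SamplesPerPixel {value} outside 1..{limit}; refusing before any allocation")
    return value


def sample_layout(data: bytes) -> tuple:
    """The per-sample state a decoder builds from the tag: one bits-per-sample
    entry per sample (8 bits assumed here). This is the allocation the bound
    above protects; with an unchecked count it would be `(8,) * 4294967295`."""
    spp = samples_per_pixel(read_ifd0(data))
    return (8,) * spp


def build_tiff(entries):
    """Constructed test data: header plus one IFD of inline-valued entries,
    given as (tag, type, values-tuple)."""
    ifd = struct.pack("<H", len(entries))
    for tag, typ, values in sorted(entries):
        if TYPE_SIZES[typ] * len(values) > 4:
            raise ValueError("builder supports inline values only")
        fmt = {1: "B", 3: "H", 4: "I"}[typ]
        field = struct.pack("<" + fmt * len(values), *values).ljust(4, b"\0")
        ifd += struct.pack("<HHI", tag, typ, len(values)) + field
    ifd += struct.pack("<I", 0)             # no further IFD
    return b"II*\0" + struct.pack("<I", 8) + ifd


def describe(data: bytes):
    """Layout tuple for an accepted header, or the rejection message."""
    try:
        return sample_layout(data)
    except BadTiff as exc:
        return str(exc)


if __name__ == "__main__":
    print(describe(build_tiff([(SAMPLESPERPIXEL, SHORT, (3,))])))           # (8, 8, 8)
    print(describe(build_tiff([(SAMPLESPERPIXEL, LONG, (0xFFFFFFFF,))])))   # rejected
```

The same pattern applies to any header-derived count (strip byte counts, colour-map sizes, frame counts): compare it against what the decoder can actually consume before it drives an allocation or a loop bound.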
CVE-2025-48379 HIGH
Python Pillow < 11.3.0 - Heap Buffer Overflow
Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.
CVSS 7.1
CVE-2025-64100 MEDIUM
CKAN < 2.10.9, < 2.11.4 - Session Fixation
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, session ids could be fixed by an attacker if the site is configured with server-side session storage (CKAN uses cookie-based session storage by default). The attacker would need to either set a cookie on the victim's browser or steal the victim's currently valid session. Session identifiers are now regenerated after each login. This vulnerability has been fixed in CKAN 2.10.9 and 2.11.4.
CVSS 6.1
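The attack and the fix above are easier to see side by side. The following is an added example, not CKAN code: an in-memory stand-in for a server-side session store, with login simulated as a function call and the cookie reduced to the sid string the client sends back. Run with regeneration off, the sid the attacker planted becomes an authenticated session; run with regeneration on, the pre-login sid is discarded and only the victim's browser holds the new one. SessionStore, USERS and the credential are this example's constructions.

```python
"""Session fixation against a server-side session store, and the fix of
regenerating the session identifier on login.

Added example, not CKAN code. SessionStore is an in-memory stand-in for any
server-side backend; requests are simulated as function calls and the
cookie is just the sid string the client sends back. USERS holds a
constructed credential for the demonstration.
"""
import secrets

USERS = {"alice": "correct horse battery staple"}   # constructed, demo only


class SessionStore:
    def __init__(self, regenerate_on_login: bool):
        self.sessions = {}                # sid -> session data held server-side
        self.regenerate_on_login = regenerate_on_login

    def new_sid(self) -> str:
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {}
        return sid

    def load(self, cookie_sid):
        """Only sids the server issued are honoured; an unknown or missing
        cookie gets a fresh anonymous session. Note this alone does not stop
        fixation: the attacker can obtain a legitimately issued sid first."""
        if cookie_sid in self.sessions:
            return cookie_sid
        return self.new_sid()

    def login(self, cookie_sid, username, password) -> str:
        """Authenticate and return the sid the Set-Cookie response must carry."""
        sid = self.load(cookie_sid)
        expected = USERS.get(username, "")
        if not secrets.compare_digest(expected, password):
            raise PermissionError("bad credentials")
        if self.regenerate_on_login:
            # The fix: the pre-login sid, which an attacker may have chosen or
            # observed, must never become an authenticated one. Move the data
            # to a fresh identifier and invalidate the old one.
            fresh = self.new_sid()
            self.sessions[fresh] = self.sessions.pop(sid)
            sid = fresh
        self.sessions[sid]["user"] = username
        return sid

    def whoami(self, cookie_sid):
        return self.sessions.get(cookie_sid, {}).get("user")


def fixation_attack(regenerate_on_login: bool):
    """Run the attack the advisory describes; return (attacker_sees, victim_sees)."""
    store = SessionStore(regenerate_on_login)
    # 1. attacker obtains a valid anonymous sid from the server
    planted = store.load(None)
    # 2. attacker plants it in the victim's browser (cookie injection), or has
    #    stolen the victim's current pre-login sid; either way the victim now
    #    presents a sid the attacker knows
    victim_cookie = planted
    # 3. victim logs in; the server tells the browser which sid to keep using
    victim_cookie = store.login(victim_cookie, "alice", USERS["alice"])
    # 4. attacker replays the sid they know
    return store.whoami(planted), store.whoami(victim_cookie)


if __name__ == "__main__":
    print(fixation_attack(regenerate_on_login=False))   # ('alice', 'alice')
    print(fixation_attack(regenerate_on_login=True))    # (None, 'alice')
```

This is also why the advisory limits the issue to server-side storage: with CKAN's default signed cookie sessions there is no server-held record keyed by an id for the attacker to pre-position, so the same planted cookie buys nothing once the victim's login rewrites it.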
CVE-2026-25990 HIGH
Python Pillow < 12.1.1 - Out-of-Bounds Write
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.
CVSS 7.5